Getting started with STM32H5 security

Revision as of 13:11, 18 April 2023 by Registered User


A set of practical trainings is proposed to give an overview of the STM32H5 security solutions and to help understand them.
These trainings are based on the boards, tools and code examples provided by ST.
This article gives an overview of the proposed trainings.
For each of the examples listed below, every step is described in detail.
It is advised to start with these examples before running your own trials or using the other security-related examples available in the STM32Cube_FW_H5.

| Product series | STM32H503 | STM32H563 | STM32H573 |
|---|---|---|---|
| Ecosystem | Nucleo MB1814-H503RB | Nucleo MB1404-H563ZI | Discovery STM32H573I-DK |

| Example | How To | Prerequisite | Introduction article |
|---|---|---|---|
| STM32CubeMX OEMiROT example on STM32H573 | Link to How To | STM32CubeMx_V6.9.0 or later | Link |
| STM32CubeMX OEMiROT example on STM32H563 | Link to How To | STM32CubeMx_V6.9.0 or later | Link |
| STM32CubeMX STiROT example on STM32H573 | Link to How To | STM32CubeMx_V6.9.0 or later | Link |
| STM32CubeMX Secure Manager example | Link to How To | STM32CubeMx_V6.9.0 or later | Link |
| DA on STM32H57 (TZ=0) example | Link to How To, Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link |
| DA on STM32H503 example | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link |
| OEMiROT on STM32H57/6 (TZ=1) example | Link to How To, Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link |
| OEMiROT on STM32H503 example | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link |
| STiROT on STM32H57 example | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link |
| Secure Manager on STM32H573 | Link to How To | STM32CubeFW_H5_V1.0.0 or later | Link |

1. Secure Boot

Secure Boot and the related Root of Trust are used implicitly in all the proposed "How to start" step-by-step examples.
A bootpath can also be defined from scratch, and a related firmware frame generated, using STM32CubeMx.
The proposed example on this topic is based on STM32CubeMx.

2. Debug Authentication

It is key to understand how to configure Debug Authentication, since it defines the rights required to reopen the debugger once it has been closed.

3. OEMiROT

An OEM can develop its own customized Immutable Root Of Trust (OEMiROT).
It is advised to read the Secure_Boot_for_STM32H5 wiki article to understand the different possible roots of trust.

4. STiROT

An immutable root of trust defined by ST is included natively in the STM32H57x series.
It is embedded firmware that is stored in the system flash and cannot be modified.
It is advised to read the Secure_Boot_for_STM32H5 wiki article to understand the different possible roots of trust.


5. Secure Manager
